Resolving MissingVerifierException When Configuring External JWT IdP in FusionAuth
-
I’m trying to set up an External JWT Identity Provider to accept tokens from Keycloak. I’ve filled out all the necessary fields in FusionAuth, but when I send a token request to /api/jwt/reconcile, I get this error:
io.fusionauth.jwt.MissingVerifierException : Message: No Verifier has been provided for verifying a signature signed using [SHA256withRSA]
How can I resolve this?
-
This error usually means FusionAuth doesn’t have the public key it needs to verify the JWT signature.
Make sure you’ve imported the public key that Keycloak uses to sign tokens into Settings → Key Master in FusionAuth. Check whether your JWT includes a kid (Key ID) claim. If it does, the key you import into Key Master must have a matching Key ID. You can confirm the Key ID after importing by clicking the view (
) icon next to the key.
Once the correct key is imported and matches the kid from the JWT, FusionAuth will be able to verify the token’s signature.